[ietf-dkim] Proposal to amend SSP draft with a reporting address (fwd)
J D Falk
jdfalk at returnpath.net
Fri Mar 7 10:01:40 PST 2008
Florian Sager wrote:
> http://www.mipassoc.org/arf/specs/draft-shafranovich-feedback-report-02.html#rfc.section.4
> claims that the original email has to be contained (with rather few
> modifications). Unfortunately any information sent back to the signing
> authority (that should be linked to the reporting address) can be used to
> detect the spamtraps (even the subject, the DKIM identity or the date
> contained in the first section of the ARF report could be correlated to a
> spam trap address).
>
> Any ideas how to handle this? I guess "give no feedback" is the
> unsatisfying solution.
The report doesn't reveal whether that address is a spamtrap, an end
user, a role account, or even whether or not that address would ever
accept any non-spam message. Or, to stay related to this proposal, it
doesn't reveal whether or not that address would ever accept a message
which passed DKIM verification.
(Some ARF report generators have chosen to redact the recipient address.
This is technically a violation of the spec, but they do it anyway and
it's pretty clear that nobody's going to talk their lawyers out of it.)
--
J.D. Falk
Receiver Products
Return Path
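
The recipient redaction mentioned above, sketched as an added example that is not part of the original message or of any ARF generator's code: it swaps every encoding of the recipient in the embedded copy for a keyed token, then lists the fields the quoted question names that remain in the copy. The sample message, the key and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import re
from email import message_from_string
from urllib.parse import quote

# Constructed sample message; every address, domain and value is made up.
SAMPLE = """\
Return-Path: <bounce-trap42=example.net@mailer.example.com>
Delivered-To: trap42@example.net
Received: from mailer.example.com by mx.example.net
\tfor <Trap42@Example.NET>; Fri, 7 Mar 2008 09:00:00 -0800
DKIM-Signature: v=1; d=example.com; s=sel; h=from:to:subject:date; b=CONSTRUCTED
From: news@example.com
To: trap42@example.net
Subject: Weekly offer
Date: Fri, 7 Mar 2008 09:00:00 -0800

Unsubscribe: http://example.com/u?e=trap42%40example.net
"""

def _forms(addr):
    """The encodings in which one address tends to appear in a message."""
    local, domain = addr.rsplit("@", 1)
    # plain (To, Delivered-To, Received "for"), URL-encoded, VERP-style
    return [addr, quote(addr, safe=""), f"{local}={domain}"]

def token_for(recipient, key):
    """Keyed, stable token: the reporter can recompute it, the sender cannot."""
    mac = hmac.new(key, recipient.lower().encode(), hashlib.sha256).hexdigest()
    return f"redacted-{mac[:16]}@redacted.invalid"

def redact(original, recipient, key):
    """Replace every form of the recipient with the matching form of its token."""
    token = token_for(recipient, key)
    for old, new in zip(_forms(recipient), _forms(token)):
        original = re.sub(re.escape(old), lambda m: new, original, flags=re.I)
    return original

def remaining_correlators(redacted):
    """Fields named in the quoted question that redaction leaves untouched."""
    msg = message_from_string(redacted)
    return {h: msg[h] for h in ("Subject", "Date", "DKIM-Signature") if msg[h]}

if __name__ == "__main__":
    out = redact(SAMPLE, "trap42@example.net", b"constructed-demo-key")
    print(out)
    print(remaining_correlators(out))
```

If the sender's DKIM signature covers the To header, the redacted copy will no longer verify against it.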